Cyware Daily Threat Intelligence June 26, 2018

Cryptomining bots target IoT devices
A cryptocurrency mining bot has been discovered targeting IoT devices. The bot is also offering cryptocurrency malware in the underground market. Hackers are using social engineering methods to launch these attacks. Devices having RDP port are being searched for in order to take advantage of the vulnerable devices.

Pbot adware
A new version of the Pbot adware has been detected by security researchers. In the new version, a hidden miner has been installed and run on the victim computers. Security researchers from Kaspersky Labs have found more than 50,000 attempts to install Pbot on devices. The adware is mostly targeting the following countries: Russia, Ukraine, and Kazakhstan. JMX drawback
Misconfiguration of a commonly used Java web server component, Jolokia's Java Management Extensions (JMX), left several websites at risk of attack. Versions prior to 1.6.0 are vulnerable. Majority of the affected domains have already been fixed the vulnerability. Users are advised to download the version 1.6.0, with the Jolokia role to be configured with the WAR agent.

TLBleed security flaw
A new security flaw has been discovered in modern processors. Dubbed TLBleed, this vulnerability affects a process known as simultaneous multithreading (SMT). By exploiting this flaw, hackers can extract sensitive information such as cryptographic keys from the CPU. Developers on OpenBSD have thus disabled HT on Intel processors.